[asterisk-commits] seanbright: branch seanbright/issue13290 r137347 - /team/seanbright/issue1329...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Aug 12 18:56:49 CDT 2008 

Author: seanbright
Date: Tue Aug 12 18:56:49 2008
New Revision: 137347

URL: http://svn.digium.com/view/asterisk?view=rev&rev=137347
Log:
Increase the size of the query buffer a bit, and use snprintf/ast_copy_string for safety.

Modified:
    team/seanbright/issue13290/cdr/cdr_tds.c

Modified: team/seanbright/issue13290/cdr/cdr_tds.c
URL: http://svn.digium.com/view/asterisk/team/seanbright/issue13290/cdr/cdr_tds.c?view=diff&rev=137347&r1=137346&r2=137347
==============================================================================
--- team/seanbright/issue13290/cdr/cdr_tds.c (original)
+++ team/seanbright/issue13290/cdr/cdr_tds.c Tue Aug 12 18:56:49 2008
@@ -105,7 +105,7 @@
 static TDSCONTEXT *context;
 
 static char *anti_injection(const char *, int);
-static void get_date(char *, struct timeval);
+static void get_date(char *, size_t, struct timeval);
 
 static int mssql_connect(void);
 static int mssql_disconnect(void);
@@ -139,9 +139,9 @@
 		userfield = anti_injection(cdr->userfield, AST_MAX_USER_FIELD);
 	}
 
-	get_date(start, cdr->start);
-	get_date(answer, cdr->answer);
-	get_date(end, cdr->end);
+	get_date(start, sizeof(start), cdr->start);
+	get_date(answer, sizeof(answer), cdr->answer);
+	get_date(end, sizeof(end), cdr->end);
 
 	if (has_userfield) {
 		snprintf(
@@ -354,7 +354,7 @@
 	return buf;
 }
 
-static void get_date(char *dateField, struct timeval tv)
+static void get_date(char *dateField, size_t length, struct timeval tv)
 {
 	struct tm tm;
 	time_t t;
@@ -365,12 +365,12 @@
 	{
 		t = tv.tv_sec;
 		ast_localtime(&t, &tm, NULL);
-		strftime(buf, 80, DATE_FORMAT, &tm);
-		sprintf(dateField, "'%s'", buf);
+		strftime(buf, sizeof(buf), DATE_FORMAT, &tm);
+		snprintf(dateField, length, "'%s'", buf);
 	}
 	else
 	{
-		strcpy(dateField, "null");
+		ast_copy_string(dateField, "null", length);
 	}
 }
 
@@ -403,7 +403,7 @@
 #else
 	TDSCONNECTINFO *connection = NULL;
 #endif
-	char query[128];
+	char query[512];
 
 	/* Connect to M$SQL Server */
 	if (!(login = tds_alloc_login()))

More information about the asterisk-commits mailing list